I'm making a sandboxed Mac app, and I used NSOpenPanel to get a file URL, and saved it to UserDefaults as a security-scoped bookmark. When I quit and restart the app, I can resolve that blob of Data into a URL again.
The documentation says I should call startAccessingSecurityScopedResource(), and check its return value. (That does return true when I call it.) But if I don't call that, I've still got a resolved URL, and I still appear to have permissions to access it.
What does startAccessingSecurityScopedResource() actually do? Is there anything bad that can happen, if I don't call it?
As long as your app only accesses files in standard locations (Downloads, Music
Movies, Pictures) and you included the required entitlements for programmatic file and folder access in your app, you don't need to store security scoped bookmarks for those locations.
But for other locations that should remain accessible after the app has been restarted, you should store security scoped bookmarks and call startAccessingSecurityScopedResource() before access. If you skip that step, you'll get an exception as soon as you try to access that file.
startAccessingSecurityScopedResource() makes the security scoped bookmark's resource available to your app's sandbox thus granting you access to that resource.
Related
I'm setting up a new share that I've enabled enumerated access on. I'm looking to limit people access to files on a certain folder. I've setup other folders that restrict access unless your in a security group. This folder thats giving me trouble was copied over from another network share. When I create a folder from scratch everything works fine so I'm curious if thats whats giving me issues.
The folder I'm trying to access is
x:/Limerock/Projects/"Project Name"
If I go into the security tab and check my effective access it says that I have full control:
The user I'm signed into is joe.jankowiak which is part of the Domain Admins security group. Domain Admins owns all the folders in above this and has full control.
When trying to enter the folder it tells me I need to request permission. I'm an admin so it goes through and adds "joe.jankowiak" to the full control list in the security permissions.
Why is it not taking my domain admin credentials to enter this folder? I'm seeing other weird behavior such as it saying "Unable to display current owner." and "You must have read permissions to view the properties of this object". Clicking continue lets me see it.
Everything looks right, I've setup 6 other new folders in the exact same manner and they work fine. I've signed in and out many times but it hasn't fixed it. Weird enough, another computer I signed into lets me access the folder just fine. Is there a way to reload file permissions since logging in/out doesn't seem to do it. Is there a command like gpupdate that I should run?
I have seen this before andyou might need to do the following operations in order:
-Replace Ownership on the folder and replace all child object ownership too=>apply or OK
-Close the security properties and re-open it again
-Add Domain Admins as full control and Replace all child object permissions... =>apply/OK
That should do it
I enabled sandbox and I want to create data by bookmarkDataWithOptions.
If the URL is created by NSPanel that work very well. But, If I obtain URL without using NSOpenPanel, the bookmarkDataWithOptions method always return nil. why?
thank about If I want to set a special folder default can read/write without using NSOpenPanel.
How can i do?
Thanks
The main feature of the Sandbox is security. If an application could read/write an arbitrary folder without user permission, the security would be broken.
The App Sandbox Design Guide states clearly:
• Simulation of user input in Open and Save dialogs:
if your app depends on programmatically manipulating Open or Save dialogs to simulate or alter user input, your app is unsuitable for sandboxing.
The only way to achieve something similar, is to add a read/write entitlement to one of the preset directories (Documents, Pictures, Music, etc…). For further documentation, take a look at this guide.
I have created two refresh tokens for me:
one for
SCOPE = 'https://www.googleapis.com/auth/drive'
and another
SCOPE = 'https://www.googleapis.com/auth/drive.file'
I'm trying to get information about files (using get method)
Some files I can get when using SCOPE drive.files, and some only when using wider scope drive
But I can not figure out what is the reason for that? Files are located in different folders but have one shared root folder.
The difference is that 'drive.file' only gives you permission to files that your app has created or the user has explicitly shared with your app, whereas 'drive' gives your app permission to see the all the files in the user's drive.
See
https://developers.google.com/drive/web/scopes
You should really look into using drive.file, that is where they are trying to push users. I was just fighting with this myself and found that if you use the drive.file scope, you can then subsequently open the file that is chosen using the API for the file type, but only if you set the correct AppID.
See here: https://developers.google.com/picker/docs/#gdata
This allows you to get past the 404 error that you get if you don't set the AppID.
I have subclassed RazorViewEngine so I can check for Request.Browser.IsMobileDevice and add a special mobile identifier to the view file name for it to grab. However I can't access the Request object. What should I do?
You can use either the HttpContext.Current.Request or Context.Request. Although understand how that IsMobileDevice works. It uses a browser file which contains a list of known user agents. As soon as a new device is built, that list is outdated, but in some cases may still identify the device to be mobile correctly. The recommended way is to use 51Degrees or to connect to the services it encompasses directly.
Quick Question:
I'm working on a document based application in OS X. Can I use an App-Scope bookmark to gain access to a file, or must it be a document-scope bookmark?
I understand that any app can use both of these, but I wasn't sure if perhaps the app-scope bookmark can't be accessed by a specific document of that app.
I initially implemented an app-based scope bookmark and when I attempt to startAccessing it, it always returns FALSE.
Wondering if I will need to change this to a Document-scope to get it to work.
Here's a link to my other question which shows the actual code:
Security Scoped Bookmark - startAccessing always returns FALSE and Resolved URL doesn't work
Thanks!